Transcribed by ESO, translated by —
Let's go.
To the CDC hacktivism panel, I've been asked by our sponsors to mention that coming up
next is Jim Christie's Fed panel.
So I guess that's for all of you.
For the Feds.
And after that is Brian Glancy's...
After that is Brian Glancy's The Weakest Link.
Okay.
Let me sort of explain how this is going to work, and then you can decide whether or not
you want to stay and watch it.
I'm Reid Fleming from the Cult of the Dead Cow.
This is the panel about hacktivism.
All my fans.
And we're pleased to present today's keynote speech and panel discussion entitled,
Hacktivism and Human Rights, Using Technology to Raise the Bar.
The format's simple.
There's going to be a speech, and then afterwards there'll be a panel discussion.
And then tonight, after 5.30, you can find us in the bar at the Hard Rock Hotel, and
you can talk to us about basically anything you hear here.
And buying our beers.
Yeah.
Our keynote speaker is Dr. Patrick Ball, Deputy Director of the Science and Human Rights
Program with the American Association for the Advancement of Science, or AAAS.
They're located in Washington, D.C.
AAAS examines how the progress of science impacts the well-being of people.
The association facilitates communication among science, government, and the public
on a wide variety of topics that affect people around the world.
AAAS' Directorate for Science and Policy Programs is an authoritative source on research
and development in the federal budget and explores a host of science and technology
issues that face Congress.
It works to ensure research competitiveness and high ethical standards and encourages
a dialogue on science, ethics, and religion.
Its Science and Human Rights Program helps guarantee human rights worldwide.
The AAAS Science and Technology Program is a program that helps ensure human rights worldwide.
The Science and Human Rights Program was established in 1976 to give scientists a way to help
their colleagues around the world whose human rights are threatened or violated.
Mobilizing effective assistance to protect the human rights of scientists around the
world remains central to its mission, as well as making the tools and knowledge of
science available to benefit the field of human rights.
Since 1991, Dr. Ball has designed information management systems, provided training on
the use of cryptographic tools, and conducted quantitative analysis of large-scale human
rights projects for truth commissions, non-governmental organizations, tribunals, and United Nations
missions in El Salvador, Ethiopia, Guatemala, Haiti, South Africa, Kosovo, and Sri Lanka.
AAAS has published three books by Dr. Ball, Who Did What to Whom?
Planning and Implementing a Large-Scale Human Rights Data Project.
Violence in Guatemala, 1960 to 1996, a Quantitative Reflection.
And Policy or Panic?
The Flight of Ethnic Albanians from Kosovo, March to May 1999.
I give you Dr. Patrick Ball.
Thanks a lot.
That was, it's really cool to hear yourself introduced.
I want to be very clear.
Clear how thankful I am to the CDC for inviting me to give this talk.
I hadn't thought of what I do as hacktivism, but as I talk to these guys, I realize that
what we do is incredibly similar, what I do and what they do.
They're very similar in a lot of different ways, and I think that I found that similarity
really exciting, and I hope that I can share some of that excitement with you today.
As Reid said, we apply science and technology to human rights.
We take a broad view of what science is.
And what we in this room do, we would count as science.
So at least for this afternoon or for the next 30 minutes, think of yourself as a scientist,
as someone who applies a systematic and rational approach to solving a problem, to figuring
something out, to discovering something.
And with that, let me talk a little bit about what I think hacking is.
I think hacking is finding things out.
It is discovery, especially if the knowledge you're looking for is hidden, obscure, and
important.
Hidden, obscure, and important.
When government is looking for a solution, it's looking for a solution.
When governments commit mass killings, when they commit a program of ethnic cleansing
to drive hundreds of thousands of people from their home, when they detain arbitrarily thousands
or tens of thousands of people, when they commit torture over a period of years or decades,
this is not knowledge that they wish for others to know about.
For hundreds of years, the Quakers have had an idea of speaking truth to power.
It's a very strong idea.
It's an idea that has brought repressive regimes down.
Over periods of time, when people continuously, tirelessly, and truthfully speak truth to
power.
And we can agree that it's a valuable idea.
But it's not always as easy as one might think to figure out what the truth is.
It might be easy enough to say, oh yeah, that guy was killed, and he was killed by
the government.
And the government, I assure you, when you make that claim, will dismiss it.
Well, he wasn't really killed, or he was killed in a crossfire, or the agents involved were
rogues and we've sanctioned them.
But if you can demonstrate that not just that guy was killed, but 10,000 other people
were killed just like him, then you'll speak truth to power in a way that power will be
unable to deny.
And the only way you can aggregate that much information is with technology.
So I won't explain these slides, I'll point you at the URL.
But I can say that these slides are a piece of speaking truth to power.
And so are these.
So hacktivism is finding ways to speak truth to power.
Using technology in this way.
Technology or hacking in the service of human rights, or civil liberties, or the environment.
So when the Truth Commission in Guatemala was able to conclude that we find that more
than 200,000 people were killed during the armed internal conflict, more than 93% of
people were killed by the government, the Army of Guatemala can no longer deny that
this occurred, because the basis on which we made this claim was defensible on scientific
grounds.
There's no more pretending that this didn't happen, or that it was a few
violations, or that violations were committed equally by both the government and the agents
of the insurgency.
No.
Now, in fact, we have scientific data that allow us to say this happened.
It can't be denied.
And that in six regions, the slide in the lower right, in fact the killing and the pattern
of the killing was such that it constituted genocide.
What I'm going to talk about today briefly is what are human rights?
What do we mean by them?
Human rights are not just good ideas.
How does information and technology help human rights work?
I'll talk a little bit about the use of massive data and information systems.
I'll talk about cryptography.
And I'll talk about distributed web-based databases.
And finally, I'll talk about why I decided to come out here and sit in this breathtakingly
hot tent.
Does anyone else in here feel that their natural home environment is a server room
that's about 45 degrees colder than in here?
As I suspected.
Ugh.
And I'll say, what can you do?
It turns out that there's an awful lot that people in this room can do.
The fact that you've come to this conference means you have certain interests.
And I think that those interests mean you have certain skills.
And if you have those skills, I'd like to get email from you.
I'd rather not see you have root on my machine, though, if that's all right.
Human rights are defined in international law.
In 1948, after the Holocaust in Europe, after the Nazi atrocities, the world said to itself,
we needed some way of saying this was wrong.
People said during the Holocaust that it was wrong.
But no one had the right under international law to say that the Nazi government could
not do what it could do, because they had this bad idea called sovereignty.
And the bad idea of sovereignty means that governments can do what they want and other
governments can't say anything about it.
So in 1948, governments said, well, sovereignty has a limit, and that limit is defined by
certain rights that everyone has.
You do not have a right to do anything you want, but you do have certain rights.
And these are the rights defined as goals for international law in the Universal Declaration
of Human Rights, which essentially all governments of the world agreed to in 1948, with some
rather sad exceptions.
In the next years that followed that, these laws, these ideas, these goals were given
the force of international law.
And this law is codified in two covenants, the covenant on civil and political rights,
the covenant on international law.
The covenant on economic, social, and cultural rights.
These were ratified and came into force in 1976.
Coming into force means they have the force of international law.
Governments that are party to these agreements may not violate these rights without being
in the wrong.
Well, you may say, well, so what?
So what if they're in the wrong?
Well, it turns out that being in the wrong is a basis on which other governments bring
pressure to bear on them.
Other governments don't want to have diplomatic relations with them.
Other governments don't want to trade with them.
Other governments don't want to have cultural and sports missions with them.
This may sound light, but, you know, when I was working in South Africa in 1996 through
1998, the South Africans told me that the thing that hit them hardest was that they
couldn't have other teams, other sports teams come and play sports with them.
This erodes the fabric of what it means to live in a nice place, and we all want to live
in a nice place.
And so when the things that make a place to live nice are taken away, regular citizens
start saying, hey, wait, wait, wait.
This isn't okay.
And those little bits of pressure come to bear.
They aggregate across all sorts of different arenas, and they pressure bad governments
to behave better.
Of course, now, we have on the basis of crimes of war, we have tribunals, tribunals which
try international, excuse me, try people who have violated international humanitarian
law and send them to prison.
It would be very nice if we had a round of applause for the extradition of Slobodan Milosevic
to The Hague last week.
Thank you.
And I hope you're all as excited as I am by the prospect of his very pleasant
and drawn-out trial, which should begin in about six months.
The Convention Against Genocide is the strongest of all international humanitarian law.
And it means that no government can decide because they don't like some group, because
of its ethnicity, its religion, its race, its color, its ideas even.
It means that they cannot target that group for elimination.
It's a struggle.
It's a strong idea.
It may sound obvious, but it was only ratified in 1948.
And we've only had two findings under international law that genocide has been committed.
That doesn't mean that they're the only two times it's occurred.
It means the only two times we've had findings.
We're building that.
And making a finding about genocide is making a finding about policy.
If you want to say that something has happened is a question of policy, you need an awful
lot of data, an awful lot of data.
And to get that much data in one place and to do something about it, you need a lot of
technology.
When we build these mechanisms for pressure, we use standards.
We use the standards of international law.
The pressure comes from public groups like the United Nations missions.
It comes from big international human rights groups like Amnesty International or Human
Rights Watch.
But more than anything, it comes from tiny grassroots groups on what I call the cold
face.
It comes from the groups that look the police who do disappearances in the eye.
It comes from people who go to the police stations and say, you know what?
Do you have this guy?
Could we have him back before you disappear him, please?
There are more than 8,500 of these groups worldwide, and they desperately need a lot
more technology.
And I'll tell you about the technology they need and the ways we have applied technology
in a few of these cases over the course of the next 20 minutes.
For this pressure to be effective, it's much more important that it be focused than that
it be massive.
This is an important understanding.
If we say, oh, you know, the government have to pick a case out of the air.
They can't do it.
in is the fact that the government in Burma has did a terrible job.
Burma has done some terrible things.
I know.
Let's set up a website where people can mass email or mail bomb different instances of
the government of Burma, say their embassies in various countries or other places, and
people write hate mail in email to the government of Burma.
They're just going to put up a spam filter.
That's not going to mean anything because they'll realize, because of the unfocused
or undisciplined nature of the action, the government of Burma will quickly realize
long-term pressure campaign against the government. Human rights groups that do mass advocacy have
very careful, carefully planned strategies. They know exactly who in the government might be
receptive. They understand if there are reformist elements that can undermine the hardliners and
maybe ultimately force them out of power. They know how to turn a campaign on and then turn it
off if the government does what you want. And so I would urge you in your human rights work,
if you decide to participate in these kinds of direct actions, please do so in networks of
professional human rights groups. Don't create your own networks. These people have been doing
it a long time, and they know what works, and more importantly, they know what doesn't work.
So go to Amnesty. I'll put their URL up later. But there's a lot more you can do,
and we'll talk about that. I mentioned how big the groups are, how big the community is.
Let's see, why do groups build human rights? Why do we build databases? A little human rights group
in Guatemala, the International Center for Human Rights Research,
between 1991 and 1997, built a database of only 65 megabytes of data. That takes an awful lot of
work. That's more than 19,000 cases. It's more than 45,000 individual violations. It's a lot of
dead trees. If you guys see all that paper up on the wall, those are the coding forms and the
interview documents that we went out in the field and took. More than 100 people worked for five
years to take these interviews. The database was densely relational and had 40 tables.
We ran it. We ran it. We ran it. We ran it. We ran it. We ran it. We ran it. We ran it. We ran
it under FoxPro for DOS on Toshiba 386 monochrome screens. We put the data all together. We
encrypted it using PGP and PKZIP and WIPE every night. We aggregated it onto a single machine
using Sneakernet, people bringing things over. Ungodly amounts of FoxPro code to ensure the
relational integrity. It didn't work that well, I admit. I wrote it. But the encryption worked.
The encryption worked. A laptop went missing during the process. And as far as we know,
there was no data leakage. It's a lot of discipline, folks, and it's a lot of pushing hard to do
crypto on a platform like this. About a year and a half ago, Carl Ellison, a cryptographer at Intel,
a great guy, formulated what I call Ellison's Law, which states that the user base for strong
cryptography declines by half with every additional keystroke or mouse click required
to make it work. Think about that when you're designing tools. When we put together a lot of
statistics, we get big pictures. We see the data. We see the data. We see the data. We see the data.
We see the large profile. We see when things happen. Here's a graph from Haiti pointing out
that during the de facto regime, there was a huge spike in October of 1993. Anybody who can
remember back that far, I can only remember it because I've got this slide in a couple of my
talks. Remember that the Clinton administration was threatening intervention and the paramilitaries
on the street turned up the pressure. They turned up the pressure by grabbing folks off the street
and torturing them and killing them. We learned two things from this slide. We learned two things
from looking at patterns. One, we learned that there is the power of the internet. We learned that the
internet is the power of the internet. We learned that there is this coincidence, this unsurprising
perhaps coincidence between a huge spike in the amount of political violence correlated to some
political event. We also learned that types of violence move together. The little yellow line on
the bottom spikes at the same time as the purple line on the top. Killings go up at the same time
as torture. Why would that happen? It happens because they respond to the same cause. They're
coordinated. It's policy. It's policy. Similarly, if we look at the demographic structure of people
who suffered a particular kind of violence, we learn that there is a power of the internet. We
find a structure. We find a structure that's different for men and for women who are victims of this
violation. Men are younger than women who suffer this violation. Buy me a beer. I'll tell you why.
These are some projects I won't talk about for there's too much time and I don't want
information overload. But the reason I put this slide up is to say how widespread this practice
is. We're doing statistics all over the place in the Truth Commission in Haiti. We're doing it in
a little NGO project in Guatemala in the Truth Commission in Haiti. We're doing it in the Truth Commission in
South Africa, in the Truth Commission in Guatemala, and now in Kosovo. More recently, also in Sri
Lanka. We've got projects going in East Timor, in a couple of different countries in West Africa.
Stuff is happening. And the reason that this is important for you guys is that just means there's
that much more data for people to take away from us. So let's think about ways that we can aggregate
data more safely. Building tools like Bastille, which I appreciated from this morning. Hey, I've
got Bastille on my machine. That means none of you guys are going to hack it, right? All right, just
checking. I want to go into some detail about the first project I ever did, the Non-Government Human
Rights Commission in El Salvador. I worked there in 1992, excuse me, 1991 and 1992. This group took
over 9,000 testimonies from 1977 to 1991. 9,000 people they sat down with and listened to as they
told stories about watching people get killed in front of them or their children being taken away
and never returned. They did legal work for most of these cases. There were more than 17,000 people
documented in these testimonies. More than 29,000 violations. We put the data together in an
incredibly simple format. This little flat, it wasn't flat, but for cases for this example I'll call it
flat. This little flat table where we had the victim's name in one column, a list of the violations
that they suffered in the second column. Actually in an array, but okay. The date of the violation and
the perpetrating unit. Okay, it's a flat structure. If these things occurred on different days, I had
to repeat the record. If there were multiple perpetrators, I had to repeat the
record. Let's leave that aside for the purposes of this invented example. So we see that Juan Perez
was tortured and executed on the 22nd of March, 1982, and the witnesses allege it to have been
done by the army. And on and on and on for 17,000 victims. But we also collected the career
histories of individual military officers. So for example, we found that Hernan Galindo, this is
invented, there is no Hernan Galindo in the army in El Salvador, who was a colonel and from the
2nd of August until the 2nd of August, he was a military officer. And he was a military officer.
On the 31st of December, 1983, he was the commander of the army. In fact, we had over 40 different
units that we looked at. We had 14,000 of these segments of career structure. And we see on the
third record that Hernan Galindo, we also know, commanded the police for a period before he
commanded the army. On and on for 14,000 segments of this man's career. Well, anyone in here ever
written a sequel statement? Yeah? You know what's coming, right? Right? It's a join. It's a big
join. It's a really big join. And the point of this join is to develop an individual statistical
dossier on every one of these officers. So we link the execution, torture, and detention of
Hector Colindres with the career segment of Hernan Galindo, thereby attributing these violations
to Colonel Galindo at this point in his career. This converts into a table that says that, for
example,
Acevedo Palacios was responsible for 17 arbitrary executions, the first column. 44 forced
disappearances, the second column. 86 cases of torture. No massacres, but 225 involuntary
disappearances. There's two categories of disappearance under Salvadoran law. Again,
buying a beer tells you why. But if you go on and on and look through this statistical
structure, what jumps out at you as your eye scans is that most of these guys are not involved in
that much stuff. But look at Juan Alcides Adeles.
He jumps off the map. We allege him to have been responsible for more than 222 arbitrary
executions, more than 91 cases of forced disappearance, 149 cases of torture, five massacres, and
on and on. And so when we looked across this list of officers, we determined that about
100 of them were really bad guys. These were guys who had been into it really deeply. We
passed the statistical findings to two structures set up by the negotiations that ended the
war in 1991.
These two structures had the power to force guys into retirement, and they took our list as the
basis for the list of people they forced out of the army. All right, we didn't get them sent to
prison, but we got them taken out of positions of power. That's a big step. It's a big step when
these guys are no longer running the death squads that come after officers. So what do we do? We
publish this table in a newspaper. We put pictures of these guys on posters with the statistical
summary underneath them with some very simple text. We put pictures of these guys on posters with the
text explaining what the tables meant, and we wheat-pasted them all over San Salvador. I left the country. I came home.
But I've been back since, and you know, now one of these guys that we nailed, he's got a talk show with one of the guerrilla
generals, and he sometimes makes jokes about how he doesn't know how we did our statistics. But in fact, they
sued us for defamation. He does know, because they sued us for defamation after we published these suits. If it had been a few
years earlier, of course, they would have just killed us all. But because it was after the peace process, they sued us. So we went into
court with what lawyers go into court with, that is, dozens of cases of paper. But we also went in with diskettes, with my
code, and we gave it to the judge, and we said, here's how it was done. And when the judge looked at the code, he didn't read the
code, but he figured, you know, he said to the officers with whom he'd been in bed for years, he said, you know, you guys, if you
guys have technicians review this stuff, what if they're right? You want to go to court and have them prove right? And they
backed off.
They backed off, withdrew their suit, and that's the news that people remember now. That's the news they remember. The reason it
worked? Big data. Technology is why it worked. If we'd gone with a few cases the way lawyers always do, they would have been able to
come up with a few cases that were the other way. And then we'd come up with a few more, and they'd come up with a few more, and then
they'd come up with... We're talking about tens of thousands of violations. You never exhaust even a tiny fraction of the universe that
way. You need to have the big picture. And the point is, then, that we were able to target. We were able to be focused on the
big picture. We were able to be focused. All the officers were implicated in something, sure, but who was really involved? Who just
peripherally? And so to make that decision, the decision that our choices about which officers we targeted was a fair decision, a
scientific decision, a technological decision, not a political one, we had to look at all of them and discard the ones who were not so
deeply implicated. Only large-scale methods, only big data, big technology allows us to do that. I want to go on to cryptography. It may be
obvious to you that human rights groups have a lot of data. They have a lot of data. They have a lot of data. They have a lot of
sensitive data. And in fact, we have stuff like the addresses of witnesses. According to our files, Betty Smith and Jane Jones are the most
important witnesses. You can find Betty at her home, 123 North State Street. She usually comes home at 5. Sometimes she stays with her mom. Hey, keep
this confidential. And then send it in clear text? Obviously not. You can see the date on this. I've been giving this particular slide for a long
time. Human rights groups get it. Not as much as they should. But many groups use PGP. If you guys are going to applaud, applaud for Phil Zimmerman.
PGP has had an enormously positive impact on the human rights community for its various weaknesses. And God knows, I'm really sick of the command line. For all its
weaknesses, it's done a lot of good for us. And we need to keep pushing that technology. We're also vulnerable to spoofing. What would happen if
somebody posted a message that appears to come from Human Rights Watch saying that, oh, yeah, you know, according to our investigations, the Iraqi
government has released all political prisoners, seized torturing detainees, closed forced labor production, and now permits the
full exercise of rights to free speech, religion, assembly, and association. The time for criticism has passed. Let's accentuate the positive. Let's stop being
whiners. I would hope that people would recognize this as a spoof. But hope is not enough to stake your legitimacy on. It's not enough.
Reputation is as important to us as it is to you. And so serious human rights groups store digital signatures on their messages now. They may not distribute the messages with digital
signatures on them, largely because sending digital signatures around clear text messages get mangled and so you get a lot of false rejections. But they put them on
their website so that you can download a digitally signed version and verify that in fact this came from the group that it claims to have come from. At my group, when we
send out urgent actions about scientists, we put everything up in signature and we will deny it. We've never had a spoof. Many other groups have. We may be just too small to
bother with. I'm going to go on to one more example. This is the Martis project. Most of what
human rights groups do is text. I wish, I wish that we had more structured data so that I had
more examples of the first kind. I wish there were more groups doing crypto, but most of what
human rights groups do is text. Somebody comes into the store, comes into your shop, your
organization, they say, I want to tell you a story. And I want to tell you a story about something
that happened that I saw, and here comes my story. And they tell their story. And a good
human rights group writes it down. They usually write it down on paper. In fact, a group that I'm
working with in Sri Lanka right now wrote down 3,000 stories on paper, and these stories were
then eaten by termites. So paper's not a good place to put a story. And paper's not a good
place to put a story, as I showed in the first slide, if you're looking for something in any of
those stories.
Because very soon after you start taking things on paper, you have tens of thousands
of pages, and it's not a useful searching mechanism, paper. So what you need is some
sort of information management system. And so what groups do is they type it all into
Word files. Well, it's not eaten by termites, but their searching capability is not a lot
greater. What we really need is a way to prevent them from losing all that data when their hard
disk crash, or their offices blow up, or their CPUs go missing, either because of theft or
because of theft.
Or because somebody just saves a new file with the same name. These are not technologically
sophisticated people. What happens? Well, people lose data. Has anyone worked in an office where
people lost data just because they don't know well enough? All right, you may have some sense
of the scale of the problem, okay? So what we need is some way to take lightly fielded text
data, encrypt it locally, okay, in case the CPU goes missing, replicate that data through a server
network across encrypted channels to networks in real-time. And so what we need is a way to
separate the data from the remote locations, so that if the local machines are attacked,
the far away machines are safe, and then, maybe we can add a little value and put a
public inter—a public interface to those servers, so that information the groups want
to make public, can be searchable through some sort of relatively simple web interface.
Check out www.Martis.org. Here's what the client looks like. We're in very early development.
The client, I think at this point, shows that screen, and right after that it crashes. But
But we're working on it.
And when it works, it will be GPLed.
It will have a SourceForge home.
And it will be cross-platform.
We're going to write it once and debug it everywhere.
And we are hoping for some help on that debugging.
Maybe there are people in here writing Java.
So watch for that.
We're looking at it toward the end of the year.
We hope to have that out.
But we hope that this solution will solve many of those problems.
We've gone to human rights groups in Cambodia, Sri Lanka, and Guatemala
and demoed it and said, hey, if we wrote it, would you use it?
And they were like, well, guy, you demoed it.
It must work.
Can we have it?
And we had to explain what a demo is.
That was a lot of fun.
What is to be done, folks?
What can you guys do?
Let me say that I think that everyone in here who has ever called herself or himself a geek,
the first thing you should do is support your own community.
There are terrific, terrific civil liberties groups in your community day in and day out doing important work.
That includes the Electronic Privacy Information Center, the Electronic Frontier Foundation,
the Center for Democracy and Technology, and Computer Professionals for Social Responsibility.
These folks are terrific.
They deserve your support.
You should read their stuff.
You should send them money.
You should be in touch with what they're up to.
But we can get a little bit more focused.
Sorry, once I used the double arrow, I couldn't help myself.
Anyway, there's some other stuff you can do, more in the human rights line.
You can join Amnesty and write one letter a month.
You're not doing this for Amnesty.
It helps them.
It helps you.
It helps you to think about what human rights means.
It's not an abstraction.
It's somebody in prison being tortured.
Think about that person for 20 minutes while you write a letter, a fax, or an email.
Think about it, just for 20 minutes.
I'm not asking for much.
Join Amnesty.
Read the Human Rights Watch site.
Read my site at shr.aaas.org.
Keep in touch with what people are doing.
People may have seen in the news recently, NPR and even the New York Times covered it,
that a sociologist in Egypt was put in prison for seven years because he wrote a scientific,
scientific report in which he claimed that certain things the government were doing weren't working.
Hello?
All right.
Hello?
What if he'd written a piece of code they didn't like?
How much closer to home does it have to come?
So let's stay in touch.
Let's stay in touch with that stuff.
But you're just warming up when you do that.
Let's get to what you do.
You can write code.
You can write code that promotes privacy.
You can make utilities to hack the embedded ID numbers out of things that embed them.
That's a bad thing for human rights groups.
Any document structure that embeds an ID number in it destroys the anonymity.
The anonymity of our ability to produce that document.
Write us a utility that shreds that but retains the integrity of the document.
We can't stop every human rights group in the world from using Word.
That's not a realistic goal.
They're going to use Word.
But we can make that a little bit less devastating for a lot of these leakage, data leakage issues.
You can support version one of privacy services.
Not necessarily because they work, but because if we don't support version one, we'll never
get version two, okay?
And we can build.
We can port.
We can contribute to.
We can review and bug fix existing freedom-promoting software.
I'm not going to give you a list of freedom-promoting software.
You decide what you think that means.
And I think the CDC guys may have some ideas.
And let's keep going.
Support free and open source software.
Free the doc format, okay?
Give me a translator that works every time.
Some of our documents are really complicated legal documents, and even the best translators
break on those.
Remember that human rights folks and other people protecting your privacy are users.
They're not geeks.
If your mom can't use the software, we can't either, okay?
So keep that in mind as your reference point.
Finally, maybe you could do me a favor or two?
Is there anyone in here who's really good at PostScript and want to write me a little
pearl?
I got a really interesting little hack.
And finally, is there anyone in here who really knows his or her way around X341 and an ATR
card under Red Hat 7.1?
It just, I got a problem.
And it's so far defeated Linux care.
Maybe somebody in here can help me out.
Anyway, thanks a lot for your tolerance.
I hope this really gets you excited.
Thank you, Dr. Patrick Ball.
Now it's time to throw the popsicles into the room.
Thank you to the audience and also announce the other two members of our panel.
Next to Dr. Ball is Greg Walton.
He's a human rights researcher living in Dar es Salaam.
Let me try that again.
Sitting next to Dr. Ball is Greg Walton, who's a human rights researcher working for or working
with the Canadian human rights group Rights and Democracy.
He lives in Dar es Salaam.
And sitting on the end is Drunken Master, a member of Hacktivismo and technical lead
on the upcoming product, Peekaboodie.
Thank you.
Hello.
Hello.
I think the first question we want to start off with is, I noticed that in the discussions
that we've had before this panel about what we consider hacktivism, I think the main
thing is.
We want to straighten out what it isn't, and that it isn't any sort of cyberterrorism
or disabling computers or trying to make things harder for a repressive regime by taking down
their web server.
Does anyone disagree with that?
Anyone?
No.
I mean, I think it's a good idea to make that clear right from the start, that we .
Loud yell.
I think it's clear.
I think it's important to make that clear.
I think it's important to make that clear right from the start, that what we're talking
about when we're talking about hacktivism is something more constructive, something
more positive.
Louder.
Louder.
Kiss it.
Kiss it.
Okay.
Okay.
I think it's important to make that clear right from the start, that we're not talking
about cyberterrorism.
We're not talking about information warfare.
We're not talking about taking down the Chinese backbone.
We're talking about more constructive, positive ways of dealing with human rights abuses.
I think that's something that we all agreed on.
I mean, straight away.
You know?
So we've passed out copies of the Hacktivismo Declaration, and hopefully most people have
seen it, or at least looked at the art.
What do you guys think about the Hacktivismo Declaration?
Well, I'm part of the group that actually wrote it, so I think it's great.
But it's basically our founding declaration that the summary is the various countries that
around the world have signed these two documents that are mentioned in the Declaration about
everyone has the right to have their own opinions, to view whatever documents are out there that
they want.
And even though a lot of countries have signed that, they don't uphold it.
And one of the programs that I'm the technical lead on is called Peek-A-Booty, and it's
going to basically run around any censorship on the Internet.
I mean, I think that one of the interesting things about this declaration is that it's
come from Cult of the Dead Cow, and it's in the language of a human rights group.
You know, when I was explaining to some of the human rights groups that I work with about
Peek-A-Booty, they were like, wow, that's incredible.
That would really change a lot.
You know, who made it?
Cult of the Dead Cow.
And they'd be like, what?
Cult of the Dead Cow?
Like, you know, they know nothing about hacking.
All they really know is that it's a fake.
All they've heard about maybe is a few media reports from DEFCON or Cult of the Dead Cow,
alien anal probe intrusion, kind of stage shows or something.
You know, there's a big gulf between the hacking community and between the human rights community,
that there's a kind of lack of understanding about a lot of things.
And I think one thing about this document that impressed the human rights groups that
read it was that it was so professional, I mean, written in their language, something
that they could really understand, something really very reasonable.
I think it's really valuable that you guys read this document.
And let me tell you why I think that is.
I agree with what Greg said.
My first reaction was, Cult of the Dead Cow, yeah, this is going to be great.
And I read it and I'm like, wow, it's really balanced, it's really thoughtful, it really
gets at what the balances are and the trade-offs in international human rights law.
When we get an international instrument established, we have to get governments like Saudi Arabia
to agree to it.
Now, Saudi Arabia, in fact, hasn't agreed to a bunch of them, but we do have to get
two-thirds of the countries in the United Nations to sign on before something becomes
really useful.
And to do that, it's politics, guys, we're horse-trading, and there's a lot of stuff
that's in international instruments that maybe isn't as strong as everyone in this room would
like, certainly not as strong as I'd like.
But that's the way it is.
We use what we've got and we go forward and we keep pushing.
This document gets it.
And I think when you read this document, look at the carefulness.
Look at the carefulness of the language.
Look at the very clear things that it grants to government.
It's not saying government may never look at anything of mine ever, because that's
just frankly not the way international law is.
If you've got kiddie porn on your disk, you're hosed.
So what we have to do is think about this in a balanced term.
If not only do we want the international human rights groups to get it, which Greg has said,
they're going to read this, they are going to get it, they're going to like it, they're
going to work for it.
Hey, when we're talking about human rights, let's remember that human rights is not the
right to everything we want.
Let's work with those rights and then push them.
If you want more, let's keep pushing.
Absolutely.
Keep going.
No reason to stop now.
We've got some momentum.
We've got one of the worst bad guys ever in jail.
At least in my lifetime, one of the worst guys, bad guys ever, I mean, history.
Let's go with it.
This is a great document.
I only had one more thing and then maybe we'll open it up to a couple of
quick questions, unless you guys have anything else you want to bring up.
The last thing I have is, we were talking before and it seems to me that if the choice
were between giving 50 bucks to a human rights organization or instead donating an hour of
Perl scripting, that the Perl scripting would be worth way more than the 50 bucks.
Am I right?
Way more.
Yeah.
Because you couldn't buy an hour's worth of Perl scripting for 50 bucks.
I'm sorry.
I mean, the beauty of this is you could actually help one of these groups without ever leaving
your bedroom.
I mean, they could just ask you to do something, you could send them a script and that would
be it.
It would be entirely by email.
I totally agree with that.
In fact, I'm pleading and begging for a script myself.
I actually do write Perl, but this one anyway.
But it's true that you can help human rights groups without leaving your bedroom.
And I think that's terrific.
And I'm not suggesting necessarily that you should leave your bedroom, but I do think
you should leave the world of Perl scripting for a second, for 20 minutes a month.
I think you should engage this idea.
If this talk has engaged you a little bit today, if hearing me talk about ways to respond
to mass killing, to mass detention, to ethnic cleansing, and to torture, if that rings
a bell for you, stay engaged.
Writing a letter for amnesty every month is not just about that guy in jail you're writing
about.
It's about you.
It's about you.
It's about you understanding what's going on, keeping your enthusiasm up, keeping your
solidarity going, keeping your focus on what the world's about clear.
So do that for yourself.
And, by the way, it'll help amnesty.
And it may help that guy in jail.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Go ahead.
Oh, go ahead.
I was just going to see for those of you who don't know me.
I'm Death Veggy of CDC.
I'm Death Veggy of CDC for those of you who don't know me.
Anyway, I wanted to see if anyone had any questions, if we could take any questions.
Got about 10 minutes.
Yeah, we have about 10 minutes for questions.
Anyone?
You in the front.
No, I'm wandering around.
Wait, wait, wait.
I'm like Montel.
Are you concerned that hackers, if they take on a more active.
role in political campaigns around the world
will become targets of hostile governments.
And what can we do to prevent that?
Maybe no more than there already are.
I don't think so. We use aliases in the hacker community.
We know how to keep ourselves secret. I don't think that would be a problem.
But it's also worthwhile thinking about who the hostile governments are.
I mean, what kind of reach does a hostile government have into wherever it is you live?
Sometimes that may be very significant.
During the 1980s, we learned over and over again, as the FBI trashed our offices,
that people who opposed the U.S. support for the war in El Salvador were targets, and we got nailed.
And if there had been hackers helping us out back then, I'm sure you guys would have been targets too.
So sometimes you are going to be targets, and like's just been said,
you watch yourselves, use anonymity. You know how to use these tools. You wrote them.
That's one thing. On the other hand, be strategic. Think about what you're doing.
I said be strategic. I think that's very important. Do it very well, but it's an occupational hazard, I think.
If you're going to be involved with taking on repressive regimes, then yeah, I mean, sure, it could be a danger, yeah.
Anyone else?
Hi, are you planning to make localized language versions of your Amartya software, and if so, what languages?
Yeah, totally. Actually, the demo runs now, and even the demo, man, runs now in English and Spanish,
and that's just because it was really easy for me to translate it into Spanish.
Our current language, our current target languages include Khmer, Tamil, and Sinhala.
So those are a little bit harder because that's different character sets, and so far not all of them are Unicode.
So we're going to have, there's going to be some struggle there, but we're definitely committed to a Unicode solution.
Okay, hang on a second.
Could you tell us more about Peek-a-Booty and ways that it will assist people in countries like China, et cetera, getting access to information?
Well, I can't talk about the technical details, but let's see, I can say that anyone around the world should be able to use it.
It'll be small, it'll be able to be run on hardware that's, you know, five years old or whatever.
I was just wondering if you could repeat, I was just wondering if you could repeat the name of the website where you can get more information about Mardis.
Yeah, sure.
www.mardis.org.
That's pretty straightforward.
So that people know, Mardis is the Greek word for witness, hence the name.
All right, this is my name to the people making Peek-a-Booty.
You're using some sort of a P2P network doing this thing, right?
Yes.
Okay, I know a few groups who really, they're a little bit concerned about the plausibility of using a peer-to-peer network for anti-censorship.
I know I've talked to a lot of people from Yak.net and from Peacefire who are just, they're a little bit skeptical.
Will there be any specifications released?
Is that for...
Is that for open commenting on a form or anything?
I mean, because if you're going to do this thing, you've got to do it right.
It's going to be open source, yeah.
And all of our documentation will be released when that happens, once we release it.
Beforehand?
I mean, if you don't do it right the first time, you have potentially people's lives on the line.
The, okay.
One of the, oh well, I can't really discuss too much of it.
I mean, you can say for sure that it's...
It's not being released today.
And it's gone back to the drawing board.
Why?
Because of this, if, if, if people could lose their lives because of it, it's got to be, it's got to work.
Yeah, it's not a word processor.
So, yeah, and I've, I've heard about some of these concerns.
I've read some, some great critiques of, of the idea from people like, from, from the Yak.net and people like that.
But on the other hand, you know, I, I think some of those concerns have been met.
Yeah, we do have people from security firms reviewing it.
Um, we have...
Designed in safeguards to keep people safe.
I think the concern that the last speaker, the last questioner was bringing up is that not having it open source doesn't put it, before it's released, doesn't put it out for peer review.
So that you can run into the problem that once it gets out there, it's like, oh, say, some large company with its initials or Microsoft does, that it gets out there and you suddenly find there's lots of holes in it because it hasn't had the peer review yet.
That's a good point.
That's a good point, but, um, we will have a, um, time to test this, obviously.
Uh...
Well, I, I think the other thing is, we are talking about having it peer reviewed, but it may not be open for public review.
Once, once it's released, there's going to be, like, an arms race, right?
We release it and everyone gets it all at once, the good guys and the bad guys.
And after that, it's going to be a race to who can block the other faster.
And, and, okay.
Um, well, I really admire the way that, uh, a lot of these groups speak truth to power and take the people out of power and take away their guns who violate human rights.
We all know that nothing hates a vacuum more than power.
Uh, and I'd like you to address what some of your efforts are to keep groups...
...multi-national corporations, governments, from exploiting the lack of leadership in some of these countries where you take down the leadership.
.
Well, I think taking down the leadership's a little strong.
Uh, we don't usually bring governments down.
Uh, usually you, you're able to pull out some of the worst guys and maybe effect some structural reforms.
But I think that, that's actually a really interesting question and it's a strategic question that the whole human rights community has been grappling with...
...for about ten years.
...for about ten years since we actually started to have an impact.
At the grassroots, what most groups end up doing is that after, uh, after they, uh, there is some significant transition, the groups lose a lot of their mandate.
I mean, what were you doing?
Well, God, we were all really busy.
You know, we were all really, really, really busy documenting political killings when there were dozens a month.
Now that there's maybe one or two a month, what do we do?
Well, what we do is democratization projects.
And democratization projects are...
...have a wide variety of, of different mechanisms.
And, um, wider variety of effectiveness.
Uh, most of them don't have much effectiveness at all.
But I think what the point is, is to figure out how we can use the networks of people that have been built to build, like, meaningful grassroots political party structures.
To express yourself in democratic transitions, uh, and, and in a democracy.
Uh, build effective citizen, uh, citizenship training programs.
In a country coming out of dictatorship, nobody knows what it means to be the citizen of a democracy.
And for democracies to work, citizens have to know that they can participate.
And that they can participate.
And that there are ways to do it.
And here's how you do it.
And here's how you have input.
And a lot of human rights groups in this kind of transition, in particular I'm thinking about Central American groups,
because those are the cases I know best in the post-transition, um, work on these democratization projects.
I think what is, uh, well, I'll just say ironic, uh, is that a lot of the funding for democratization projects comes from USAID.
Um, but USAID has been a really big player in Central America promoting democratization.
And some of the projects work.
Uh, there are, in fact, all sorts of ways that people in really low-resource communities are able to express themselves politically
and bring pressure to bear and protect civil rights, uh, which are stronger in, in, in a democracy,
often more relevant than their, than the human rights they struggled for before.
I think we probably have time for one or two more questions.
Yeah.
Does anyone?
Yeah, okay.
Who's there?
Who's there?
Um, I don't know.
I don't know, I don't see.
Yeah, because you can see them moving.
Um, I wanted to plug one activism project that I think also deserves mentioning.
It's, uh, the Independent Media Center at indymedia.org.
Um, I-N-D-Y media.org.
Um, it's basically a, it's an independent media center.
basically an activist hacker media collection, democratic media generation. But I also want
to ask a technical question. Maybe you guys could even comment what you think about Indy
Media. But I also want to ask a technical question, maybe, or whatever. But why should I
think, and maybe you're going to be too secretive, but why should I think about using
Peek-A-Booty over Freenet or something? Okay, first of all, I definitely support
Indy Media. I think they're awesome. They're one of the groups that open my eyes to a lot
of things. What was the next question? Freenet. Freenet. Freenet does publishing. We do sort
of getting the data. So it's the opposite end. Indy Media is great. I mean, activism
obviously means more than hacking on a computer. Maybe it means with over the airwaves, with
video, video hacking.
Power radio, these kind of things. I mean, Indy Media is fantastic. Democratic media
movement, this is crucial to what we're talking about, for sure.
Ditto.
Okay, does anyone have any last words before we dismiss everyone?
Yeah, I do. I'd just like to say that Peek-A-Booty is just one instance of this, of
hacktivism, right? There's going to be a lot more in the coming years. And I think
there's going to be a lot more in the coming years. And I encourage everyone to get involved
with either Patrick or some group where you can support human rights. I think when I came
to this conference, I wasn't sure how well we would get along and everything. But we've
had such a great melding of ideas. Bringing these desperate groups together has been just
generating tons and tons of ideas. And I think it's going to be a lot more in the coming
years. And it's been quite an experience. So I definitely encourage anyone who's interested
to contact him.
I think this is Peek-A-Booty. And where we are now is really just the beginning of it
all. It's really just the genesis of something which we can not really imagine what's coming
next. But I mean, it's a very exciting field. I'd just like to say that I'd like to just
keep on hearing from people that I've been meeting with. And I think it's going to be
great.
Over the weekend, just giving and sharing ideas and giving me technical advice on answering
my questions. I mean, that's been great.
I want to really thank CDC. It was really exciting for me to get involved with these
guys. I want to echo what's been said. I think we've had a terrific meeting of ideas.
It's been really exciting. I've enjoyed being here. And I really look forward to about 24
hours more of some very intense conversation about hacking, about security. And I'm looking
about human rights.
Thanks.
So for more information
about Hacktivismo
and updates on Peek-a-Booty,
you should check out
the Colt Dead Cow website
over the next weeks and months.
And then if you want to talk to us
after 5.30 today,
we will be in the bar
of the Hard Rock Hotel.
The, you walk in the door,
there's that little circular bar
right in the middle.
We'll be there
even if we're just, you know,
hanging off with five beers.
So, what'd you want?
Well, we wanted to sum up
with a cap, okay.
We wanted to end on a serious note
because, you know,
we're known for that.
Thank you very much.
